Bug with filebeat inlucde_lines?

Hello,

I have been trying to use the include_lines option in the filebeat.yml file to read a SQL Server log file. Note that I am not using the mssql module of FileBeat; I just have an input of type log and point it to my SQL Server log. I cannot get the inlude_lines to work, after trying multiple variations and doing some extensive online research.

I create a dummy log file and update the lines manually. I point my filebeat to that dummy log. The include_lines option works perfectly fine.

Has anyone run into this issue?

In the mssql.yml file, I do not see an option to use include_lines, and the documentation does not mention it. Would anyone have a proven methodology for filtering SQL Server lines from logs? Thanks!

Sincerely,

RS

Note: when I use the include_lines to include lines that have the word "dummy" in filebeat.yml, and point it to a SQL Server log, I get the following messages when running in debug mode - I also include below a screenshot of filebeat.yml. Thanks!

Notice the spaces in the result from the debug mode:

The log file clearly shows that the string 'dummy' is in the line items. So why would inlude_lines not see 'dummy'? Like I mentioned, in my test log file, where I enter the values manually, no issues.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.